SecurityWeek

Network Security

Are Encryption and Zero Trust Breaking Key Protections?

Compliance and ZTNA are driving encryption into every aspect of an organization’s network and enterprise and, in turn, forcing us to change how we think about protecting our environments.

According to Gartner, 75% of the global population will have its personal data covered by privacy regulations by the end of 2024. In its latest information security and risk management study, Gartner also identifies Zero Trust Network Access (ZTNA) as the fastest-growing segment in network security, forecast to grow 31% in 2023 and propelled by the rise in remote work. Hybrid work is a fact of life and is expected to be served predominantly by ZTNA rather than by VPN services.

Unintended consequences

ZTNA is great for security in one respect: it provides tighter control over movement and access as the Atomized Network continues to grow and applications and people are everywhere. Instead of authenticating once and then getting relatively open access to resources and devices on a network, zero trust means authenticating and receiving an explicit set of permissions and authorizations for each access. However, ZTNA's encryption of every connection, regardless of where it sits in the infrastructure, is creating a serious problem for another aspect of security. As I've discussed before, encryption blinds many of the network visibility and security tools we have traditionally relied on for enterprise protection.

Organizations that use secure access service edge (SASE) platforms to manage ZTNA also sacrifice a degree of visibility for the sake of authentication and encryption. With SASE, authentication and authorization are handled when users connect to the provider's dedicated cloud. From the user's perspective the experience is fairly seamless, but security teams tell us they don't have what they need to do their jobs: typically they can see only authentication and access logs, not what is happening in real time across that cloud environment.

Even organizations that don't go the zero trust route, because it may be overkill for their environment, still implement encryption for data privacy and protection reasons. Strong encryption is used not just for internet-facing hosts but internally as well, to secure data at rest and in transit.

The risk paradox

As encryption becomes pervasive, it adds complexity to everyday security work such as troubleshooting and threat hunting. The combined impact of encryption and the atomization of networks is rendering obsolete many of the legacy tools built on deep packet inspection (DPI) and packet capture, and making the ones that remain significantly more expensive and complex to deploy and manage.

The traditional thinking is that in order to detect and respond we have to see everything, which means we have to decrypt everything. Decryption is certainly possible, but it no longer scales. In a dispersed and ephemeral environment with no defined perimeter, putting an appliance in the middle to do decryption is getting harder and harder. We have more traffic to decrypt, more certificates to manage, and any point at which we break encryption for detection and response is another point at which sensitive data is potentially exposed in the clear; the device doing the decrypting also holds the keys, which makes it a high-value target in its own right. In an effort to keep our networks secure, we are elevating our risk profile.

Network security without breaking encryption

The time has come to reimagine our approach to network security so we can see what is going on and detect and respond to threats without introducing additional risk.

A lot of machines have endpoint detection and response (EDR) agents installed that provide visibility into hosts and their local processes. However, not every networked device can support an agent, and EDR doesn't provide real-time visibility into network traffic. That's where metadata in the form of flow data comes in. There's no need to capture and inspect every packet to monitor network traffic for detection and response: flow records (who talked to whom, on which ports, when, and how much) are widely available across multi-cloud, on-premises, and hybrid environments, and when enriched with context they provide high-level, real-time visibility into traffic across the Atomized Network.

Together, EDR and flow metadata give a good picture of what's on the network, what it's doing, and what's happening to it, and they can detect most attacks without breaking encryption. When anomalous behavior calls for a deeper dive, we can narrow the scope of what we're looking at and decrypt only those flows. Changing procedures to decrypt only when necessary reduces the risk profile accordingly while minimizing cost and complexity.
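As an added example (not code from the article or from Netography), the script below shows the kind of detection the two paragraphs above describe, run entirely over flow metadata. Constructed NetFlow-style records (timestamp, source, destination, port, bytes, and no payloads) are checked for periodic "beaconing" to an external host and for an unusually large outbound transfer, and the hits are reduced to the few source/destination pairs that would justify targeted decryption. The internal address ranges, the five-flow minimum, the 0.1 coefficient-of-variation cutoff and the 500 MB byte threshold are assumptions chosen for the example, not figures from the article.

```python
"""Detection from flow metadata only, then a narrowed decryption scope.

Added example; not from the article or from Netography. It assumes
NetFlow/IPFIX-style records (already exported by routers, cloud flow logs
or a sensor) reduced to five fields. All records and thresholds below are
constructed for the example.
"""
from collections import defaultdict
from statistics import mean, pstdev
import ipaddress

# Constructed sample flows: (timestamp_s, src, dst, dst_port, bytes_out).
# 10.0.0.5 contacts 203.0.113.9:443 every ~60 s with tiny payloads (beacon-like);
# 10.0.0.7 pushes a very large volume to 198.51.100.4:443 once;
# the rest is ordinary web and internal database traffic.
SAMPLE_FLOWS = [
    (0,    "10.0.0.5", "203.0.113.9",   443, 420),
    (60,   "10.0.0.5", "203.0.113.9",   443, 431),
    (121,  "10.0.0.5", "203.0.113.9",   443, 418),
    (180,  "10.0.0.5", "203.0.113.9",   443, 425),
    (241,  "10.0.0.5", "203.0.113.9",   443, 429),
    (300,  "10.0.0.5", "203.0.113.9",   443, 422),
    (5,    "10.0.0.7", "198.51.100.4",  443, 950_000_000),
    (7,    "10.0.0.8", "93.184.216.34", 443, 18_000),
    (900,  "10.0.0.8", "93.184.216.34", 443, 22_000),
    (3000, "10.0.0.8", "93.184.216.34", 443, 16_000),
    (4500, "10.0.0.8", "93.184.216.34", 443, 20_000),
    (10,   "10.0.0.9", "10.0.0.20",    5432, 5_000),
]

# Assumed internal ranges (RFC 1918); anything else is treated as external.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

BEACON_MIN_FLOWS = 5        # hypothetical: need this many flows to judge regularity
BEACON_MAX_CV = 0.1         # hypothetical: stddev/mean of inter-arrival times
EXFIL_BYTES = 500_000_000   # hypothetical: per-flow outbound byte threshold


def is_external(ip):
    """True when the address is outside the assumed internal ranges."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def beacon_cv(timestamps):
    """Coefficient of variation of inter-arrival times; lower means more periodic."""
    ts = sorted(timestamps)
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    m = mean(gaps)
    return pstdev(gaps) / m if m else float("inf")


def detect(flows):
    """Return findings as (kind, src, dst, detail), using metadata fields only."""
    findings = []
    pairs = defaultdict(list)
    for ts, src, dst, port, nbytes in flows:
        if not is_external(dst):
            continue  # this example only looks at outbound traffic
        pairs[(src, dst, port)].append(ts)
        if nbytes >= EXFIL_BYTES:
            findings.append(("large_outbound", src, dst, nbytes))
    for (src, dst, port), ts in pairs.items():
        if len(ts) >= BEACON_MIN_FLOWS:
            cv = beacon_cv(ts)
            if cv <= BEACON_MAX_CV:
                findings.append(("beacon", src, dst, round(cv, 3)))
    return findings


def decryption_scope(findings):
    """Reduce findings to the (src, dst) pairs that would justify decryption."""
    return sorted({(src, dst) for _, src, dst, _ in findings})


if __name__ == "__main__":
    hits = detect(SAMPLE_FLOWS)
    for hit in hits:
        print(hit)
    print("decrypt only:", decryption_scope(hits))
```

The thresholds are not the point; a real deployment tunes them against its own baseline. The point is that every signal here comes from fields a router, VPC flow log or IPFIX exporter already emits, so nothing is decrypted until `decryption_scope` names the two pairs that deserve it, which is the "decrypt only when necessary" procedure the text describes.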

It turns out encryption and zero trust aren't breaking key protections; they are forcing an inevitable change for the better. Organizations can move away from 100% decryption, which no longer scales and introduces risk, enjoy the benefits of ZTNA and encryption, and still get the comprehensive visibility and coverage needed to protect their Atomized Network.

Written By

Over his 25+ year career, Matt has held senior technology leadership positions across numerous industries including Netography, Neustar, Verisign, and Prolexic Technologies. With a rich background in innovation and go-to-market strategies, Matt has been a critical leader in helping many companies conceptualize solutions from the customer lens and drive them to market with significant impact.
